July 14, 2021
Egress’ Insider Data Breach Survey 2021 claims that 94 percent of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84 percent of IT leaders surveyed.
However, IT leaders are more concerned about malicious insiders, with 28 percent indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21 percent) saying that it’s their biggest concern.
Additionally, almost three-quarters (74 percent) of organisations have been breached because of employees breaking security rules, and 73 percent have been the victim of phishing attacks.
The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.
Empowering insiders to do the right thing
The research claims that 97 percent of employees would report an insider data breach to their employer – which is reassuring for the 55 percent of IT leaders who rely primarily on employees to report incidents. However, when employees do speak up about breaches, it can cost them: the research highlights that 89 percent of incidents lead to repercussions for the employees involved, including informal and formal warnings, and dismissal.
In addition, just 54 percent of employees said that they feel their organisation’s security culture trusts and empowers them, indicating that many organisations lack a security-positive culture.
The risks of hybrid working: a difference in opinion
The biggest driver for change in insider risk over the last year has been the adoption of long-term remote working due to the pandemic. Over half (56 percent) of IT leaders believe that remote work has driven an increase in data breaches caused by human error. Meanwhile, employees disagree, with 61 percent believing that remote work makes them less, or equally, as likely to cause a data breach.
“Insider risk is every organisation’s most complex vulnerability”
IT leaders are also concerned for the future, with 54 percent indicating that they believe that remote/hybrid working will make it more difficult to prevent data breaches caused by human error. Half of IT leaders also believe that it will make it more difficult to prevent phishing attacks, and 49 percent believe that it will be more difficult to prevent employees from breaking the rules if they’re working remotely in the future.
Egress CEO Tony Pepper comments: “Insider risk is every organisation’s most complex vulnerability – and it has far-reaching consequences, from ransomware attacks to loss of client trust. Organisations must act now to mitigate the risk posed by their people.
“The research highlights the importance of empowering employees – they want to protect their employer’s data, and it’s up to organisations to ensure that they’re building a security-positive culture. With the right technology and strategy in place, organisations can transform their people from their biggest security vulnerability into their strongest line of defence.”
Image by Robinraj Premchand